diff options
| author | Martin Willi <martin@revosec.ch> | 2010-12-17 15:52:15 +0100 |
|---|---|---|
| committer | Martin Willi <martin@revosec.ch> | 2011-01-05 16:46:03 +0100 |
| commit | a6478a0402d577a5974968e25d1018c9d9d111cd (patch) | |
| tree | d1ce7a33e97cb09a49f660f4b67bfa84dbaab119 /src/libstrongswan/plugins/revocation/revocation_validator.c | |
| parent | e24a02a28fbde4efcba79da0bcf7068ad4127dae (diff) | |
| download | strongswan-a6478a0402d577a5974968e25d1018c9d9d111cd.tar.bz2 strongswan-a6478a0402d577a5974968e25d1018c9d9d111cd.tar.xz | |
Simplified format of x509 CRL URI parsing/enumerator
Diffstat (limited to 'src/libstrongswan/plugins/revocation/revocation_validator.c')
| -rw-r--r-- | src/libstrongswan/plugins/revocation/revocation_validator.c | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/src/libstrongswan/plugins/revocation/revocation_validator.c b/src/libstrongswan/plugins/revocation/revocation_validator.c index 147818904..c9a60934b 100644 --- a/src/libstrongswan/plugins/revocation/revocation_validator.c +++ b/src/libstrongswan/plugins/revocation/revocation_validator.c @@ -486,13 +486,13 @@ static cert_validation_t check_crl(x509_t *subject, x509_t *issuer, auth_cfg_t *auth) { cert_validation_t valid = VALIDATION_SKIPPED; - identification_t *id; certificate_t *best = NULL; + identification_t *id; + x509_cdp_t *cdp; bool uri_found = FALSE; certificate_t *current; enumerator_t *enumerator; chunk_t chunk; - char *uri; /* use issuers subjectKeyIdentifier to find a cached CRL / fetch from CDP */ chunk = issuer->get_subjectKeyIdentifier(issuer); @@ -506,11 +506,11 @@ static cert_validation_t check_crl(x509_t *subject, x509_t *issuer, /* find a cached CRL or fetch via configured CDP via CRLIssuer */ enumerator = subject->create_crl_uri_enumerator(subject); while (valid != VALIDATION_GOOD && valid != VALIDATION_REVOKED && - enumerator->enumerate(enumerator, &uri, &id)) + enumerator->enumerate(enumerator, &cdp)) { if (id) { - valid = find_crl(subject, id, auth, &best, &uri_found); + valid = find_crl(subject, cdp->issuer, auth, &best, &uri_found); } } enumerator->destroy(enumerator); @@ -519,17 +519,17 @@ static cert_validation_t check_crl(x509_t *subject, x509_t *issuer, if (valid != VALIDATION_GOOD && valid != VALIDATION_REVOKED) { enumerator = subject->create_crl_uri_enumerator(subject); - while (enumerator->enumerate(enumerator, &uri, &id)) + while (enumerator->enumerate(enumerator, &cdp)) { uri_found = TRUE; - current = fetch_crl(uri); + current = fetch_crl(cdp->uri); if (current) { - if (id && !current->has_issuer(current, id)) + if (cdp->issuer && !current->has_issuer(current, cdp->issuer)) { DBG1(DBG_CFG, "issuer of fetched CRL '%Y' does not match " "certificates CRL issuer '%Y'", - current->get_issuer(current), id); + current->get_issuer(current), cdp->issuer); current->destroy(current); continue; } |